package com.hqyj.shrio;

import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class MyFilter extends AuthorizationFilter {
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
//  1  获取shiro登录校验通过的用户对象
        org.apache.shiro.subject.Subject subject = getSubject(servletRequest, servletResponse);
        //2 获取自定义的角色参数
        String[] perms = (String[]) o;
        if (perms == null || perms.length == 0) {
            return false;
        }
        for (String perm : perms) {
//3 判断授权的用户 是否拥有 自定义的权限参数或者角色参数
            /*判断授权通过过的角色 是否含有配置过滤器的角色参数，如果有任意一个，我就允许访问*/

            if (subject.hasRole(perm)) {
                System.err.println("当前用户拥有权限：" + perm + ",允许访问");

                return true;
            }
        }
        return false;
    }
}
